heibai2006/frida-snippets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

reveal native methods android split package&class

Browse Source
This commit is contained in:
iddoeldor 2019-05-01 14:44:08 +03:00 committed by GitHub
parent 357a9e3e1c
commit 2a210509c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
README.md
View File

@ -334,7 +334,6 @@ var RevealNativeMethods = function() {
var env = Java.vm.getEnv();
var RegisterNatives = 215, FindClassIndex = 6; // search "215" @ https://docs.oracle.com/javase/8/docs/technotes/guides/jni/spec/functions.html
var jclassAddress2NameMap = {};
function getNativeAddress(idx) {
return env.handle.readPointer().add(idx * pSize).readPointer();
}
@ -344,11 +343,9 @@ var RevealNativeMethods = function() {
jclassAddress2NameMap[args[0]] = args[1].readCString();
}
});
// https://android.googlesource.com/platform/libnativehelper/+/master/include_jni/jni.h#977
// RegisterNative(jClass*, .., JNINativeMethod *methods[nMethods], uint nMethods) // https://android.googlesource.com/platform/libnativehelper/+/master/include_jni/jni.h#977
Interceptor.attach(getNativeAddress(RegisterNatives), {
onEnter: function(args) {
var methodsPtr = ptr(args[2]);
for (var i = 0, nMethods = parseInt(args[3]); i < nMethods; i++) {
/*
https://android.googlesource.com/platform/libnativehelper/+/master/include_jni/jni.h#129
@ -359,15 +356,17 @@ var RevealNativeMethods = function() {
} JNINativeMethod;
*/
var structSize = pSize * 3; // = sizeof(JNINativeMethod)
var sigPtr = methodsPtr.add(i * structSize + pSize).readPointer();
var fnPtrPtr = methodsPtr.add(i * structSize + (pSize * 2)).readPointer();
var methodsPtr = ptr(args[2]);
var signature = methodsPtr.add(i * structSize + pSize).readPointer();
var fnPtr = methodsPtr.add(i * structSize + (pSize * 2)).readPointer(); // void* fnPtr
var jClass = jclassAddress2NameMap[args[0]].split('/');
console.log('\x1b[3' + '6;01' + 'm', JSON.stringify({
module: DebugSymbol.fromAddress(fnPtrPtr)['moduleName'], // https://www.frida.re/docs/javascript-api/#debugsymbol
class: jclassAddress2NameMap[args[0]],
method: methodsPtr.readPointer().readCString(), // const char* name
signature: sigPtr.readCString(), // TODO Java bytecode signature parser { Z: 'boolean', B: 'byte', C: 'char', S: 'short', I: 'int', J: 'long', F: 'float', D: 'double', L: 'fully-qualified-class;', '[': 'array' }
address: fnPtrPtr
module: DebugSymbol.fromAddress(fnPtr)['moduleName'], // https://www.frida.re/docs/javascript-api/#debugsymbol
package: jClass.slice(0, -1).join('.'),
class: jClass[jClass.length - 1],
method: methodsPtr.readPointer().readCString(), // char* name
signature: signature.readCString(), // char* signature TODO Java bytecode signature parser { Z: 'boolean', B: 'byte', C: 'char', S: 'short', I: 'int', J: 'long', F: 'float', D: 'double', L: 'fully-qualified-class;', '[': 'array' } https://github.com/skylot/jadx/blob/master/jadx-core/src/main/java/jadx/core/dex/nodes/parser/SignatureParser.java
address: fnPtr
}), '\x1b[39;49;00m');
}
}